Date: Mon, 24 Aug 2020 18:13:43 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: Re: Incompatible behaviour of res_query(3) w.r.t. NXDOMAIN On Tue, Aug 25, 2020 at 12:04:44AM +0200, Florian Weimer wrote: > * Rich Felker: > > > On Mon, Aug 24, 2020 at 11:04:49PM +0200, Florian Weimer wrote: > >> * Rich Felker: > >> > >> > Hmm, I think in this case the "better" might be sufficient that we > >> > want to keep it and pressure other implementations to change too. A > >> > program performing a lookup where the result is NxDomain may very well > >> > want to know whether that's an authenticated (by DNSSEC) NxDomain or > >> > one in an insecure zone. Returning an error to the caller with no > >> > packet contents discards this critical data. > >> > >> Isn't this the behavior you'd get with res_send? > >> > >> I think such error translation is precisely the point of the res_query > >> convenience function (along with the implicit construction of the > >> query packet). > > > > Does such a distinction exist? > > Yes, I think so. It's the behavior of the BIND 4 era stub resolver > code. OK. The man pages (and glibc docs? not sure) don't seem to document this, so we should probably try to get them fixed too. The closest I can find is the text that: "In the case of an error return from res_nquery(), res_query(), res_nsearch(), res_search(), res_nquerydomain(), or res_querydomain(), the global variable h_errno (see gethostbyname(3)) can be consulted to determine the cause of the error." which could be interpreted as saying the same errors are specified to happen (does this mean NODATA shoudl also be an error rather than a success return?), but it doesn't make clear that nxdomain and noerror are not errors for res_send etc. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.